Screen Share Security
Glance Screen Share allows agents to view a visitor’s entire screen, not just specific company webpages. Agents see exactly what a visitor sees on their screen.
Security Considerations
Screen Share collects and transmits potentially sensitive visitor information, and has been designed with security as the highest priority. The following describes security considerations that have been addressed by the Screen Share architecture.
Roles and Privileges
During a Screen Share session, security is maintained by constraining a participant’s privileges by role: Host, Guest or Presenter. Additionally, each Glance user belongs to a group, which has at least one Administrator.
Session Host
Only Glance users with a valid subscription can start (or host) a session.
The host’s privileges include:
- Deciding who joins the session, by verbally inviting them during a phone call or sending a link to the session by email, chat, Twitter or Facebook.
- Making the 4-digit session key random (for private on-the-fly sessions), assigned (for scheduled sessions), fixed (for convenience) or not required (for instantly joining non-private sessions).
- Choosing what contact info (name, email, phone) might be requested when a guest joins a session, and whether the data is required or optional.
- Controlling which monitor is shown (so private content can be kept out of view on another screen).
- Hiding the screen (to view something privately).
- Sharing control of the host’s mouse and keyboard with all participants (but always retaining priority).
- Starting a session to view or optionally control the first guest’s computer (for remote tech support).
- Allowing guests to show their screens.
- Ending the session for everyone.
- Whenever the host starts a session, at least one guest must join within 10 minutes. Otherwise the session expires, limiting the chance the host leaves the session running.
The host can end a session at any time. It also ends when the last remaining guest leaves, like a phone call.
Guest
All other session participants are guests. They join the session using their favorite browser, from any PC, Mac or mobile device. (Guests on mobile devices connect instantly, without having to download an app.)
With permission, a guest can:
- View the presenter’s screen.
- Remotely share control of the presenter’s mouse and keyboard.
- Guests may leave a session at any time.
Presenter
A presenter is the person (Host or Guest) currently showing their screen. Any session participant (on a PC or Mac) who installed the Glance software before joining a session can (with the host’s permission) become a presenter. The software is free, and you can download it here. Presenting participants do not need a Glance subscription.
With the host’s permission, a presenter’s privileges include:
- Showing (or hiding) their screen at any time.
- Controlling which monitor to show (so private content can be kept out of view on other screens).
- Sharing the mouse and keyboard with all participants (while always retaining priority).
- Presenters may leave a session at any time.
Administrator
Every Glance user belongs to a group. A group’s administrator determines which privileges are granted to all group members.
These privileges include:
- Letting session guests show their screens.
- Letting presenters share their mouse and keyboard with guests (for remote pointing and technical support).
- Letting users start “View guest’s screen” sessions (for remote tech support and training).
- Mandating what contact info (if any) guests must provide before joining a session.
- Allowing keyless sessions (so guests can browse directly into a session).
- Forcing all sessions to be encrypted.
For example, a company might assign inside sales people to a group that can start keyless sessions, while placing tech support agents in a separate group that requires keys and makes each guest provide an email address.
Administrators can also add/change/drop users and update account billing information.
Authentication
Glance session participants authenticate with the Glance service in different ways, depending upon their role.
Session Host
Anyone hosting a session needs to install Glance’s client software beforehand on their PC or Mac. (Glance sessions cannot be hosted today from mobile devices.) The download is about 1.5 MB. The PC version includes a standard uninstaller. When running, the software places a G icon in the computer’s system tray (PCs) or menu bar (Macs). It connects to the Glance service only during a session.
Each Glance user has a personal Glance Address (URL) name.glance.net and password. The user must supply both (via SSL) before they can host a session. Users can be constrained to choose passwords that match criteria describable by a regular expression.
The host’s computer locally stores an encrypted version of the password. Subsequent sessions can then start with just a click. The host’s computer silently authenticates its login credentials via a secure connection to the Glance service, which confirms the credentials, assigns the session to a Glance server, and allows guests to join.
If a person wants to use a different Glance address to host a session, the person must provide the associated password.
A user who has forgotten a password can reset it by clicking a link in an email sent by Glance to the account’s associated email address. An administrator can also set and change passwords for the group’s users.
Session Guests
The host can adjust how much “friction” guests experience when joining a session.
Often the host just verbally invites people to browse their Glance address and enter the session’s four-digit key.
Alternatively, the host can send invitees a session link in an email, text message or calendar invite, or post it to followers and friends on Twitter or Facebook. The four-digit key can be random (default behavior), assigned by the host (so it can be announced ahead of time), fixed (for convenience) or not required (for even faster joining).
The host can also specify what contact info (name, email, phone) each guest is asked to provide and whether it is required or optional. The data becomes a part of the call detail record of attendees, which the host cannot alter.
The host (or their Administrator) can view or download guest contact info by logging into Glance’s My Account area.
Additionally, each Glance for Salesforce implementation automatically uploads attendee contact info into the session’s corresponding Salesforce Activity record, and optionally creates Lead objects for unrecognized participants.
Remote Support
Many companies use Glance Screen Share for remote technical support. An agent can start a session to view a person’s screen or view and control the person’s screen. In either case, Glance uses an ActiveX control, browser plug-in or Java to install a thin client (download is under 1.5 MB) on the Guest’s PC or Mac. Guests typically do not need administrative privilege to install the client.
While connecting, Glance Screen Share asks the guest to allow the session’s host to view (or control) his computer screen. (Refusing the request terminates the session and uninstalls the client.) Once connected, Glance then posts a prominent Leave button so the guest can confidently end the session at any time.
A person must be present at the remote computer to grant access and join each support session. Glance Screen Share cannot auto-reconnect after a guest reboot, nor can it be used for unattended remote access.
During Remote Control
During remote control, the guest retains priority over their mouse and keyboard. The guest can also click the G icon that appears to control other aspects of the session.
The agent can coach the guest by taking turns showing their own screen. If needed, the agent can escalate the case, inviting other technicians to join the session and share remote control.
Ending the Remote Control Session
Glance Screen Share auto-uninstalls after each remote support session to a PC, unless the guest chooses otherwise. Keeping the software lets a returning guest connect instantly, by skipping the brief download step.
Regardless, Glance Screen Share never leaves icons on the guest’s desktop, system tray, dock or menu bar.